![]() ![]() PyBitmessage-master/src//pyelliptic/ecc.py:78: warning: bad token warning: bad token warning: bad token warning: bad token warning: bad token PyBitmessage-master/src//pyelliptic/openssl.pyĪnalyzing PyBitmessage-master/src//pyelliptic/_init_.pyĪnalyzing PyBitmessage-master/src//pyelliptic/cipher.py PyBitmessage-master/src/shared.py (score: 0)Īnalyzing PyBitmessage-master/src//pyelliptic/ecc.py PyBitmessage-master/src/qidenticon.py (score: 0) PyBitmessage-master/src/helper_bitcoin.py (score: 0) PyBitmessage-master/src/pyelliptic/cipher.py (score: 0) PyBitmessage-master/src/pyelliptic/_init_.py (score: 0) PyBitmessage-master/src/pyelliptic/openssl.py (score: 0) PyBitmessage-master/src/pyelliptic/ecc.py (score: 0) $ find PyBitmessage-master/src/ -name '*.py' | xargs bandit -n 1 The Bandit Python code security scanner did not return any results: v 1.53 T=0.5 s (112.0 files/s, 37088.0 lines/s)Ī free Coverity scan might be a useful resource for any Bitmessage code reviewer. ![]() Here is the “cloc” output for PyBitmessage’s src: There are not many great tools for static analysis of Python code from a security perspective, so a line-by-line analysis is probably required on some level. ![]() Do you know someone with secure code reviewing skills who might be interested? Please send them to the CryptOpinion folks. I originally volunteered for the effort, but have another engagement that precludes me from doing so. Some people from the CryptOpinion website are trying to organize a crowd-funded secure code review of Bitmessage. This weakens the trust of users and software developers who might want to integrate Bitmessage into their own projects. Bitmessage’s current Python code base has not been thoroughly reviewed from a security standpoint.Making streams a reality requires the participation of one or more crafty Python developers (or developers of a new Bitmessage implementation). One solution is to implement streams, sending messages to a smaller number of recipients while preserving properties that come with broadcasting messages to everyone. The messages sent around the Bitmessage network are more or less broadcast to all other participants in the network - albeit only readable by the intended recipient - creating a cacophony of unnecessary traffic. The Bitmessage network, as it is currently designed, would have difficulty scaling to many users.Today, Bitmessage is often used as a more private version of email, but if only a handful of weaknesses in the project were resolved, we would probably see it integrated into a number of crypto-currency-related projects. It’s been a subject of significant interest for crypto-currency developers because its has privacy and networking properties built in that are absent from the blockchain and Bitcoin-like peer-to-peer networks. Bitmessage is a decentralized, peer-to-peer messaging network.
0 Comments
Leave a Reply. |